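Installing Kubernetes
Installation on CentOS 7
Environment preparation
- Disable the firewall that ships with CentOS
systemctl disable firewalld
systemctl stop firewalld
- Install etcd and kubernetes (this installs docker automatically; if docker is already present the install fails, so uninstall the existing docker first)
yum install -y etcd kubernetes
- After the packages are installed, two configuration files need to be changed
- Docker configuration file
/etc/sysconfig/docker: set OPTIONS to:
OPTIONS='--selinux-enabled=false --insecure-registry gcr.io'
- Kubernetes apiserver configuration file
/etc/kubernetes/apiserver: remove ServiceAccount from the --admission_control parameter
- Start all services in order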
systemctl start etcd
systemctl start docker
systemctl start kube-apiserver
systemctl start kube-controller-manager
systemctl start kube-scheduler
systemctl start kubelet
systemctl start kube-proxy
# The same start and status checks as a loop (bash)
services=("etcd" "docker" "kube-apiserver" "kube-controller-manager" "kube-scheduler" "kubelet" "kube-proxy")
for service in "${services[@]}"; do systemctl start "$service"; done
for service in "${services[@]}"; do systemctl status "$service"; done
- Check the status of all services
systemctl status etcd
systemctl status docker
systemctl status kube-apiserver
systemctl status kube-controller-manager
systemctl status kube-scheduler
systemctl status kubelet
systemctl status kube-proxy
- Restart all services
systemctl restart etcd
systemctl restart docker
systemctl restart kube-apiserver
systemctl restart kube-controller-manager
systemctl restart kube-scheduler
systemctl restart kubelet
systemctl restart kube-proxy
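An added example (not from the original post) that reports the two settings changed above: Docker's OPTIONS line disables SELinux support and allows an insecure registry, and the apiserver no longer runs the ServiceAccount admission plugin. The function names and the sample file contents are constructed; the file paths in the comments are the ones the post names.

```shell
#!/bin/sh
# Added example: report the weakened settings in the two files edited above.
# Function names are hypothetical; the sample file contents are constructed.

# One finding per line for a Docker sysconfig file (/etc/sysconfig/docker).
audit_docker_options() {
    opts=$(sed -n 's/^OPTIONS=//p' "$1" | tr -d "'\"")
    prev=
    for word in $opts; do
        case $word in
            --selinux-enabled=false) echo "docker: SELinux support disabled" ;;
            --insecure-registry=*)   echo "docker: insecure registry ${word#*=}" ;;
            *) if [ "$prev" = "--insecure-registry" ]; then
                   echo "docker: insecure registry $word"
               fi ;;
        esac
        prev=$word
    done
}

# One finding if ServiceAccount is absent from the apiserver admission list
# (/etc/kubernetes/apiserver). Accepts --admission_control and --admission-control.
audit_apiserver_admission() {
    plugins=$(sed -n 's/^[^#]*--admission[-_]control=\([A-Za-z,]*\).*/\1/p' "$1")
    case ",$plugins," in
        *,ServiceAccount,*) ;;
        *) echo "apiserver: ServiceAccount admission plugin not enabled" ;;
    esac
}

# Run both checks against constructed copies of the files as this guide leaves them.
demo() {
    dir=$(mktemp -d)
    echo "OPTIONS='--selinux-enabled=false --insecure-registry gcr.io'" > "$dir/docker"
    echo 'KUBE_ADMISSION_CONTROL="--admission_control=NamespaceLifecycle,LimitRanger,ResourceQuota"' > "$dir/apiserver"
    audit_docker_options "$dir/docker"
    audit_apiserver_admission "$dir/apiserver"
    rm -rf "$dir"
}

demo
```

On a real node, call the two functions with /etc/sysconfig/docker and /etc/kubernetes/apiserver instead of the constructed copies.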
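Starting the MySQL service
- First, create an RC definition file for MySQL
apiVersion: v1
kind: ReplicationController   # replication controller (RC)
metadata:
  name: mysql                 # name of the RC
spec:
  replicas: 1                 # desired number of Pod replicas
  selector:
    app: mysql                # Pods carrying this label belong to this RC
  template:                   # template from which the Pod replicas (instances) are created
    metadata:
      labels:
        app: mysql            # label on each Pod replica; matches the RC selector
    spec:
      containers:             # containers defined in the Pod
      - name: mysql           # container name
        image: mysql          # Docker image for the container
        ports:
        - containerPort: 3308 # port exposed by the container
        env:
        - name: MYSQL_ROOT_PASSWORD
          value: "mysql"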
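The RC above carries the root password as a literal env value, so it is stored in the RC object and printed by kubectl describe pod (see the output further down). An added example, not from the original post: a shell function that renders a Secret plus the same RC reading the password through secretKeyRef. The Secret name mysql-root and the function name are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. The Secret name mysql-root and
# the function name render_mysql_manifests are hypothetical.

# Read the root password from stdin; print a Secret and the RC that references it.
render_mysql_manifests() {
    IFS= read -r pw || true
    [ -n "$pw" ] || { echo "empty password" >&2; return 1; }
    b64=$(printf '%s' "$pw" | base64 | tr -d '\n')
    cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: mysql-root
type: Opaque
data:
  password: $b64
---
apiVersion: v1
kind: ReplicationController
metadata:
  name: mysql
spec:
  replicas: 1
  selector:
    app: mysql
  template:
    metadata:
      labels:
        app: mysql
    spec:
      containers:
      - name: mysql
        image: mysql
        ports:
        - containerPort: 3308
        env:
        - name: MYSQL_ROOT_PASSWORD
          valueFrom:
            secretKeyRef:
              name: mysql-root
              key: password
EOF
}

# Constructed demo input; in practice pipe the output to: kubectl create -f -
printf '%s\n' 'constructed-demo-password' | render_mysql_manifests
```

A Secret value is only base64-encoded, so this keeps the password out of the RC and Pod spec rather than encrypting it.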
List all pods
(base) [root@centos7-test ~]# kubectl get pods
NAME READY STATUS RESTARTS AGE
mysql-nsbnk 1/1 ContainerCreating 0 1d
The mysql container stays in the ContainerCreating state
Check the creation status of the mysql Pod
(base) [root@centos7-test ~]# kubectl describe pod mysql-nsbnk
Name: mysql-nsbnk
Namespace: default
Node: 127.0.0.1/127.0.0.1
Start Time: Sun, 04 Sep 2022 02:32:09 -0400
Labels: app=mysql
Status: Pending
IP:
Controllers: ReplicationController/mysql
Containers:
mysql:
Container ID:
Image: mysql
Image ID:
Port: 3308/TCP
State: Waiting
Reason: ContainerCreating
Ready: False
Restart Count: 0
Volume Mounts: <none>
Environment Variables:
MYSQL_ROOT_PASSWORD: mysql
Conditions:
Type Status
Initialized True
Ready False
PodScheduled True
No volumes.
QoS Class: BestEffort
Tolerations: <none>
Events:
FirstSeen LastSeen Count From SubObjectPath Type Reason Message
--------- -------- ----- ---- ------------- -------- ------ -------
1d 6m 525 {kubelet 127.0.0.1} Warning FailedSync Error syncing pod, skipping: failed to "StartContainer" for "POD" with ErrImagePull: "image pull failed for registry.access.redhat.com/rhel7/pod-infrastructure:latest, this may be because there are no credentials on this request. details: (open /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt: no such file or directory)"
1d 1m 11763 {kubelet 127.0.0.1} Warning FailedSync Error syncing pod, skipping: failed to "StartContainer" for "POD" with ImagePullBackOff: "Back-off pulling image "registry.access.redhat.com/rhel7/pod-infrastructure:latest""
The events show that container creation failed
Errors
docker-ce conflicts with 2:docker-1.13.1-209.git7d71120.el7.centos.x86_64
docker-ce-cli conflicts with 2:docker-1.13.1-209.git7d71120.el7.centos.x86_64
- Problem description
Run:
yum install -y etcd kubernetes
Error output:
--> Running transaction check
---> Package libnl.x86_64 0:1.1.4-3.el7 will be installed
---> Package python-backports.x86_64 0:1.0-8.el7 will be installed
---> Package python-ipaddress.noarch 0:1.0.16-2.el7 will be installed
--> Processing Conflict: 3:docker-ce-20.10.17-3.el7.x86_64 conflicts docker
--> Processing Conflict: 3:docker-ce-20.10.17-3.el7.x86_64 conflicts docker-io
--> Processing Conflict: 1:docker-ce-cli-20.10.17-3.el7.x86_64 conflicts docker
--> Processing Conflict: 1:docker-ce-cli-20.10.17-3.el7.x86_64 conflicts docker-io
--> Finished Dependency Resolution
Error: docker-ce conflicts with 2:docker-1.13.1-209.git7d71120.el7.centos.x86_64
Error: docker-ce-cli conflicts with 2:docker-1.13.1-209.git7d71120.el7.centos.x86_64
You could try using --skip-broken to work around the problem
You could try running: rpm -Va --nofiles --nodigest
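- Cause
The docker package being installed conflicts with the docker-ce and docker-ce-cli packages already installed on the system; removing the conflicting packages resolves it.
- Solution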
yum -y remove docker-ce
yum -y remove docker-ce-cli
Error syncing pod, skipping: failed to "StartContainer" for "POD" with ErrImagePull: "image pull failed for registry.access.redhat.com/rhel7/pod-infrastructure:latest, this may be because there are no credentials on this request. details: (open /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt: no such file or directory)"
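Solution: apply this on each node; if the master also acts as a node, apply it there too. /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt is a symbolic link, but its target under /etc/rhsm does not actually exist, so install it with yum:
yum install rhsm -y
After the installation completes, run docker pull registry.access.redhat.com/rhel7/pod-infrastructure:latest
If it still fails, try the following: download the rpm package online with wget mirror.centos.org/centos/7/os…
rpm2cpio python-rhsm-certificates-1.19.10-1.el7_4.x86_64.rpm | cpio -iv --to-stdout ./etc/rhsm/ca/redhat-uep.pem | tee /etc/rhsm/ca/redhat-uep.pem
These two commands generate the file /etc/rhsm/ca/redhat-uep.pem.
If all goes well, you get the following result.
docker pull registry.access.redhat.com/rhel7/pod-infrastructure:latest
Delete the previously created container and start it again
A status of Running means it started successfully
When we list the running containers with docker ps, we see that the Pod container providing the MySQL service has been created and is running normally. You will also notice that, alongside the container for the MySQL Pod, an extra pause container from Google has been created; this is the Pod's 'root container'.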
(base) [root@centos7-test ~]# docker ps | grep mysql
29706d8c5dcb mysql "docker-entrypoint..." 4 days ago Up 4 days k8s_mysql.61831c56_mysql-nsbnk_default_4dad0b28-2c1b-11ed-ace8-000c29082418_75b6db7d
b384841e4398 registry.access.redhat.com/rhel7/pod-infrastructure:latest "/usr/bin/pod" 4 days ago Up 4 days k8s_POD.211c0ba7_mysql-nsbnk_default_4dad0b28-2c1b-11ed-ace8-000c29082418_d6adf20c
Finally, we create the definition file for the associated Kubernetes Service, mysql: mysql-svc.yaml
apiVersion: v1
kind: Service        # this object is a Kubernetes Service
metadata:
  name: mysql        # globally unique name of the Service
spec:
  ports:
  - port: 3306       # port the Service listens on
  selector:
    app: mysql       # Pods backing the Service carry these labels
metadata.name is the Service name; the port attribute defines the Service's virtual port; spec.selector determines which Pod replicas (instances) back this service.
Create the Service
(base) [root@centos7-test ~]# kubectl create -f mysql-svc.yaml
service "mysql" created
List all services
(base) [root@centos7-test ~]# kubectl get services
NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes 10.254.0.1 <none> 443/TCP 6d
mysql 10.254.20.135 <none> 3306/TCP 7s
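The mysql service was assigned the Cluster IP address 10.254.20.135. This is a virtual address; other newly created Pods in the Kubernetes cluster can connect to the service through its Cluster IP plus port 3306.
Normally the Cluster IP is assigned automatically by Kubernetes after the Service is created, so other Pods cannot know a Service's Cluster IP address in advance, and a service discovery mechanism is needed to find the service. Kubernetes solves this neatly with Linux environment variables, which are covered in detail later. For now it is enough to know that, given the Service's unique name, a container can read the Service's Cluster IP address and port from environment variables and then open a TCP/IP connection.
Starting the Tomcat application
Create the corresponding RC file, myweb-rc.yaml
apiVersion: v1
kind: ReplicationController
metadata:
  name: myweb
spec:
  replicas: 5
  selector:
    app: myweb
  template:
    metadata:
      labels:
        app: myweb
    spec:
      containers:
      - name: myweb
        image: kubeguide/tomcat-app:v1
        ports:
        - containerPort: 8080
        env:
        - name: MYSQL_SERVICE_HOST
          value: 'mysql'
        - name: MYSQL_SERVICE_PORT
          value: '3306'
Create the RC with kubectl create -f myweb-rc.yaml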
(base) [root@centos7-test ~]# kubectl create -f myweb-rc.yaml
replicationcontroller "myweb" created
Check the status of the pods
(base) [root@centos7-test ~]# kubectl get pods
NAME READY STATUS RESTARTS AGE
mysql-nsbnk 1/1 Running 0 6d
myweb-2whks 1/1 Running 0 2m
myweb-kgf4k 1/1 Running 0 2m
myweb-nc6bs 1/1 Running 0 2m
myweb-tjx0l 1/1 Running 0 2m
myweb-vz32d 1/1 Running 0 2m
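Create the corresponding Service, myweb-svc.yaml
apiVersion: v1
kind: Service
metadata:
  name: myweb
spec:
  type: NodePort
  ports:
  - port: 8080
    nodePort: 30001
  selector:
    app: myweb
The two attributes type=NodePort and nodePort=30001 indicate that this Service is exposed for external access through a NodePort: from outside the Kubernetes cluster, for example in a browser, myweb can be reached on port 30001 (which maps to the virtual port 8080).
Create the service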
(base) [root@centos7-test ~]# kubectl create -f myweb-svc.yaml
service "myweb" created
View the created services
(base) [root@centos7-test ~]# kubectl get services
NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes 10.254.0.1 <none> 443/TCP 6d
myweb 10.254.68.229 <nodes> 8080:30001/TCP 1m
The first Kubernetes example is now up and running